Skip to content

Pass --header enrollment option to fleet-server #8071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Jul 2, 2025
Merged

Pass --header enrollment option to fleet-server #8071

merged 14 commits into from
Jul 2, 2025

Conversation

blakerouse
Copy link
Contributor

@blakerouse blakerouse commented May 2, 2025
edited
Loading

What does this PR do?

Currently the --header enrollment flag is used when bootstrapping Fleet Server. Those headers should also be used when communicating with Fleet Server that is not being bootstrapped.

Why is it important?

When enrolling to a Fleet Server that is behind a proxy that requires specific headers for communication it is not possible to enroll the Elastic Agent into the Fleet Server.

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • [ ] I have added an integration test or an E2E test (covered well in unit tests)

Disruptive User Impact

None

How to test this PR locally

Setup a Fleet Server behind a proxy that requires a specific header for traffic to flow. Then enroll the elastic-agent with the required header:

./elastic-agent enroll --url http://proxy-url --enrollment-token ${token} --header X-Custom-Header=TEST

Related issues

@mergify Mergify
Copy link
Contributor

mergify bot commented May 2, 2025

This pull request does not have a backport label. Could you fix it @blakerouse? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label that automatically backports to the 8./d branch. /d is the digit
  • backport-active-all is the label that automatically backports to all active branches.
  • backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
  • backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

@blakerouse blakerouse marked this pull request as ready for review May 2, 2025 19:20
@blakerouse blakerouse requested a review from a team as a code owner May 2, 2025 19:20
@blakerouse blakerouse added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team backport-9.0 Automated backport to the 9.0 branch backport-8.19 Automated backport to the 8.19 branch labels May 2, 2025
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@blakerouse blakerouse removed the backport-9.0 Automated backport to the 9.0 branch label May 2, 2025
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate failed Quality Gate failed

Failed conditions
37.5% Coverage on New Code (required ≥ 40%)

See analysis details on SonarQube

cmacknz
cmacknz reviewed May 5, 2025
View reviewed changes
kaanyalti
kaanyalti reviewed May 6, 2025
View reviewed changes
Copy link
Contributor

@kaanyalti kaanyalti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me. Once the ci is green and Craig's comments are addressed I can approve

@blakerouse blakerouse marked this pull request as draft May 8, 2025 15:04
@blakerouse blakerouse added the backport-9.1 Automated backport to the 9.1 branch label Jul 1, 2025
@blakerouse blakerouse marked this pull request as ready for review July 1, 2025 14:46
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate failed Quality Gate failed

Failed conditions
38.5% Coverage on New Code (required ≥ 40%)

See analysis details on SonarQube

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @blakerouse

@blakerouse
Copy link
Contributor Author

@cmacknz @kaanyalti Can I get another review of the PR? I know its been sitting a while, I just wanted to bring it back to your attention.

@blakerouse blakerouse merged commit 5e45823 into elastic:main Jul 2, 2025
18 of 19 checks passed
mergify bot pushed a commit that referenced this pull request Jul 2, 2025
@blakerouse @mergify
Pass --header enrollment option to fleet-server (#8071)
141a853 
* Work on adding HTTP header support to enroll.

* Pass enroll headers to fleet.

* Update --header command-line description.

* Add changelog entry.

* Fix typo.

* Satisfy lint.

* Add missing headers to container entry.

* Update changelog.

* Redact anything with auth in the key.

* Add header test for checkin.

* Fix imports.

(cherry picked from commit 5e45823)
@mergify mergify bot mentioned this pull request Jul 2, 2025
Merged
6 tasks
mergify bot pushed a commit that referenced this pull request Jul 2, 2025
@blakerouse @mergify
Pass --header enrollment option to fleet-server (#8071)
16fd2b3 
* Work on adding HTTP header support to enroll.

* Pass enroll headers to fleet.

* Update --header command-line description.

* Add changelog entry.

* Fix typo.

* Satisfy lint.

* Add missing headers to container entry.

* Update changelog.

* Redact anything with auth in the key.

* Add header test for checkin.

* Fix imports.

(cherry picked from commit 5e45823)
@mergify mergify bot mentioned this pull request Jul 2, 2025
Merged
6 tasks
blakerouse pushed a commit that referenced this pull request Jul 2, 2025
@mergify
Pass --header enrollment option to fleet-server (#8071) (#8809)
45f36e8
blakerouse pushed a commit that referenced this pull request Jul 2, 2025
@mergify
Pass --header enrollment option to fleet-server (#8071) (#8808)
92643a4
v1v added a commit to v1v/elastic-agent that referenced this pull request Jul 6, 2025
@v1v
Merge remote-tracking branch 'upstream' into feature/hosted-stack-usi…
b30096e 
…ng-oblt-cli

* upstream: (37 commits)
  [AutoOps] Add `autoops-es.yml` to Packages (elastic#8728)
  EDOT collector: include the forward connector. (elastic#8753)
  Revert "ci: pin elastic-agent version (elastic#8736)" (elastic#8754)
  bk: retry Start ESS stack for integration tests (elastic#8553)
  Re-enable TestStandaloneUpgradeRollbackOnRestarts on windows (elastic#8718)
  removed reviewers from dependabot.yml (elastic#8709)
  Pass `--header` enrollment option to fleet-server (elastic#8071)
  Add ability for local output configuration to add to policy configuration (elastic#8766)
  Bump up github.com/go-viper/mapstructure/v2 dependency (elastic#8764)
  [Synthetics] Upgrade node to latest lts v20 (elastic#8712)
  [CI] BK Vault plugin for EC access (elastic#8377)
  feat: singleTest mage target for each integration test package (elastic#8691)
  ci: always include 8.19 LTS release branch in snapshots of test versions (elastic#8761)
  build(deps): bump github.com/elastic/mito from 1.19.0 to 1.20.0 (elastic#8755)
  chore: fix elastic-agent helm chart examples (elastic#8765)
  feat: support onboarding-id for kubernetes (elastic#8692)
  [main][Automation] Bump VM Image version to 1751072471 (elastic#8734)
  ci: revert deployment_csp_configuration.yaml to create_deployment_csp_configuration.yaml (elastic#8746)
  kustomize: pin kube-state-metrics version (elastic#8739)
  ci: pin elastic-agent version (elastic#8736)
  ...
v1v added a commit that referenced this pull request Jul 6, 2025
@v1v
Merge remote-tracking branch 'upstream' into test/oblt-cli-hosted
dcfd799 
* upstream: (39 commits)
  Fix otel extension status reporting (#8696)
  Refactor user change on service (#8347)
  [AutoOps] Add `autoops-es.yml` to Packages (#8728)
  EDOT collector: include the forward connector. (#8753)
  Revert "ci: pin elastic-agent version (#8736)" (#8754)
  bk: retry Start ESS stack for integration tests (#8553)
  Re-enable TestStandaloneUpgradeRollbackOnRestarts on windows (#8718)
  removed reviewers from dependabot.yml (#8709)
  Pass `--header` enrollment option to fleet-server (#8071)
  Add ability for local output configuration to add to policy configuration (#8766)
  Bump up github.com/go-viper/mapstructure/v2 dependency (#8764)
  [Synthetics] Upgrade node to latest lts v20 (#8712)
  [CI] BK Vault plugin for EC access (#8377)
  feat: singleTest mage target for each integration test package (#8691)
  ci: always include 8.19 LTS release branch in snapshots of test versions (#8761)
  build(deps): bump github.com/elastic/mito from 1.19.0 to 1.20.0 (#8755)
  chore: fix elastic-agent helm chart examples (#8765)
  feat: support onboarding-id for kubernetes (#8692)
  [main][Automation] Bump VM Image version to 1751072471 (#8734)
  ci: revert deployment_csp_configuration.yaml to create_deployment_csp_configuration.yaml (#8746)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaanyalti kaanyalti kaanyalti left review comments

@cmacknz cmacknz cmacknz approved these changes

@andrzej-stencel andrzej-stencel Awaiting requested review from andrzej-stencel andrzej-stencel is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@blakerouse blakerouse

Labels
backport-8.19 Automated backport to the 8.19 branch backport-9.1 Automated backport to the 9.1 branch Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

--header is not used with communication to Fleet Server
4 participants
@blakerouse @elasticmachine @cmacknz @kaanyalti